Ross Ulbricht Guilty of Everything

[aztecminer]

http://money.cnn.com/2015/02/04/technology/silk-road-guilty-ulbricht/index.html

"a digital currency that's difficult to trace,"


bullshiat .. liars.

[fonenumba]

You think an attacker would only need access to your computer for a few seconds to copy an entire unencrypted hard drive?

No, they only need to dump the RAM. They can then turn the laptop off. Later on in a lab they can use tool such as aesfind and FTK (used in Ross' case) to search the RAM dump for the encryption key and decrypt the drive, which must be stored in RAM in order for it to be able to read from the drive (though there are now new projects that are storing keys in the CPU debug registries, which is an awesome idea but it's very experimental right now).

That is interesting because I believe in Ross's case, the FBI was able to get everything except for the RAM - I remember reading that, due to a power issue they were not able to determine what exactly Ross was running/looking at when his laptop was pulled from him - but maybe all they got before his security measures kicked in was the encryption key.

If the encryption software were programmed to automatically encrypt the entire hard drive after n minutes with the absence of a password, then someone in the process of copying the hard drive would not be able to continue doing so after n minutes.

I think you are confused. How it works is that data written to the drive is encrypted, but in order to read the drive the password needs to be stored in RAM, and shutting it down clears the ram. Once they have the password, thats all they need they can turn the thing off.

This could potentially be countered by using some kind of time based key (similar to how authy works) Scratch that, I think this would be defeated by having the encryption key stored in RAM. It sounds like the key here (no pun intended) is to keep your RAM secure).

The software prompting a password would be based on time, not computer activity.

If the thing is prompting me every 15 minutes for a password it's going to bug me out and after about a week I'll either turn it off or go mentally insane. And if I keep using it eventually I'll give in and use a weak pasword. And if I'm being watched by the FBI there is no way I'm going to be able to enter a secret password every 15 minutes without them knowing.

You could potentially enter some kind of code based on the response it gives you. It could be very simply as long as it is not static, and as long as you only have a very short amount of time to enter it and only have one chance, or else the computer shuts down

Other solutions would be to have some kind of USB stick/drive that would serve as a kill switch in the event that it is unplugged, such USB drive would be tethered to either his wrist or neck so if the laptop is pulled away from him then it would be unplugged and the computer would shut down.

G-sensor is probably better IMO.

I have been a speculator watching Silk Road for a while, longer then I have been into bitcoin; I actually got the idea from a post on either SR1 or SR2 forums shortly after SR1 was shut down.

[fonenumba]

Law enforcement cyberforensics are known to use mouse jigglers like this:
http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/

You are probably actually referring to this --> http://www.cru-inc.com/products/wiebetech/mouse_jiggler/

What you linked appears to only keep a computer powered while moving it (likely one that does not have a battery)

[moni3z]

Ulbricht made enough opsec mistakes to get himself convicted even if the laptop was excluded.  He talked about illnesses and other personal problems with informants on torchat in dozens of timestamped messages, then he would get on social media with his real identity and write to his friends/gf about them. That Poison Oak message for one. Unbelievable !! It's like he forgot what he was doing wasn't legal.  They also had their informant sitting in the library on torchat watching him type out replies.

Ulbricht's lawyer feigning incompetence by getting defence witnesses excluded to give meat to an appeal after realizing this trial was doomed is not likely to produce a different outcome since even if his entire arrest was tossed feds can still easily convict with the mountain of other opsec mistakes like that IRS agent who found his altoids persona linked to the name Ross Ulbricht which is good enough when combined with all the informant chats. They prosecute skiddies all the time from hackforums markets peddling illegal booters and spam services with same self incriminating chat with informants.

[fonenumba]

That is interesting because I believe in Ross's case, the FBI was able to get everything except for the RAM

That would make sense actually as there were screenshots of FTK submitted during the case and in them only the home folder was open. I thought it was because the home folder contained all the goodies, but it's probable they didn't get access to the entire filesystem and had just copied the home folder while the thing was on. I remember hearing the defense claim the forensic tech was incompetent,

In theory this could be a potential appeal avenue for the defense. If Ross's attorneys can convince an appellate court that the judge ruled in favor of the prosecution that the forensic tech was not incompetent in error. If that ruling does get overturned then it would have a significant impact on the case as a very large amount of evidence against Ross was found on his Laptop.

   it would seem that is the case. I guess both Ross and the tech left the laptop charger at home.

LOL

It appears that you know more about this kind of stuff then me, however in theory, Ross intentionally left the charger at home and it was some custom charger that would not be commonly be used. I don't remember reading about why most/all what was on the RAM was lost, however if an explanation could not be given (or if it is something stupid like "the laptop charger was left at home") then the chances of getting the laptop evidence thrown out goes up significantly.

I have been a speculator watching Silk Road for a while, longer then I have been into bitcoin; I actually got the idea from a post on either SR1 or SR2 forums shortly after SR1 was shut down.

I actually have that USB setup, but it wasn't intentional. My bootloader is stored on a USB stick for integrity purposes, so that someone can't tamper my bootloader while I'm away from my machine. And because I have some auto-updates enabled it isn't safe to remove it while the machine is switched on, so if it is removed my machine will shut down, as if it was removed and there was an auto-update for my bootloader my machine would be likely be unbootable. It's not tethered to me though, I guess I could always rank it out if I ever felt really unsafe

I would imagine that a tethering setup would not be difficult. Another potential setup would be to boot from tails and have a 2nd USB drive (that is encrypted) that contains a password to log into the administrative panel of SR, along with his other sensitive documents, and private keys (bitcoin and PGP), and VPN information. Although the FBI could still have grabbed him when his RAM contained the encryption keys of the USB drive, the window to do this would be much smaller - they likely would still have caught him red handed logged into the admin panel, but would most likely not have gotten the laptop at a time when they could have gotten everything else.

Remember that they discovered that the decision to try to snatch Ross's laptop while he was using it was only a last minute idea when they were conducting surveillance on him shortly prior to them planning to arrest him.   

[fonenumba]

Ulbricht made enough opsec mistakes to get himself convicted even if the laptop was excluded.  He talked about illnesses and other personal problems with informants on torchat in dozens of timestamped messages, then he would get on social media with his real identity and write to his friends/gf about them. That Poison Oak message for one. Unbelievable !! It's like he forgot what he was doing wasn't legal.  They also had their informant sitting in the library on torchat watching him type out replies.

Ulbricht's lawyer feigning incompetence by getting defence witnesses excluded to give meat to an appeal after realizing this trial was doomed is not likely to produce a different outcome since even if his entire arrest was tossed feds can still easily convict with the mountain of other opsec mistakes like that IRS agent who found his altoids persona linked to the name Ross Ulbricht which is good enough when combined with all the informant chats. They prosecute skiddies all the time from hackforums markets peddling illegal booters and spam services with same self incriminating chat with informants.

What I think they are hoping to do is use the fruit of the poisonous tree doctrine to try and get as much evidence as possible thrown out by saying the FBI did something they weren't supposed to do, by saying things like the forensics weren't done properly so the laptop can't be used as evidence etc etc or bring up the whole discovery of the server issue again and try and get pretty much everything thrown out.

This is actually an argument for the defense to have called the guy who "broke" *cough* (hacked) the Silk Road captcha to testify (or maybe it was why the government did not call him to testify). If they were to question him in detail about how he got the IP address of the server in Iceland then I would be willing to bet that it would be revealed the government did something illegal/unconstitutional.

[fonenumba]

Another potential setup would be to boot from tails and have a 2nd USB drive (that is encrypted) that contains a password to log into the administrative panel of SR, along with his other sensitive documents, and private keys (bitcoin and PGP), and VPN information.

Yeah what he needed was layered encryption. He needed to have all his stuff encrypted separately and not just rely on the FDE. There is literally no reason to have his journal unencrypted at all times the machine is on, the same for his wallet and PGP key.

The problem is that having layered encryption means you need to have multiple passwords and increases the chances of you forgetting a password, so he probably didn't do that because of this.

He could use a very similar password for each layer (or different encryption algorithms using the same password) as I don't think you can look at the encryption key and calculate the password (although I may be very wrong on this).

Another solution would to have used a password manager to unlock various layers of encryption using only one password, however the encryption key to unlock the passwords/keys contained in the password manager DB would only briefly in RAM.   

This is actually an argument for the defense to have called the guy who "broke" *cough* (hacked) the Silk Road captcha to testify (or maybe it was why the government did not call him to testify). If they were to question him in detail about how he got the IP address of the server in Iceland then I would be willing to bet that it would be revealed the government did something illegal/unconstitutional.

You know what, the story that the gov said doesn't make any sense at all, but it is possible that the captcha could leak the real IP, just not the way he said it would. I think it was that Tarbell guy who broke the captcha, he has a massive reputation and lots of experience in this area, he's the guy who nailed a bunch of people in lulzsec/anonymous, I doubt he or his company would have intentionally done anything highly illegal during an investigation, at least not something that they couldn't use parallel construction to cover up. I believe he wrote the statement on how he did it when he was away on a business trip in the Netherlands (which is also probably why he wasn't called to testify), maybe he just got the cover story mixed up

I was under the impression that he actually worked for the FBI at the time he discovered the real IP address. If he got his "story" mixed up then it would be grounds to get the evidence mixed up as his sworn testimony would have been proven to be a lie (or at least not the 100% truth). I do remember reading something about him being able to find the RL identity of several people in the "hacking" community when his declaration was presented to "explain" how he was able to discover the IP address of the SR server.

Based on what he said in his declaration, I would say that he likely was not simply manually entering text into the captcha - it was most likely something automated

[noddy2000]

Actually, the thermite idea was one used back in the day before encryption became so widespread, like a couple of decades ago.

As for Ross, the way he was captured makes me wonder if the whole thing wasn't planned out. I wonder if the whole trial isn't a fake thing, designed to attack TOR, Bitcoin and the whole Internet - a false flag operation like 9/11 - and Ross is part of it.

His defence was a joke and told people who wanted help fuck off. Binging up mark kapeles is just insane and you probably.closer to the truth than you realise. Now they can start going after websites they don't like and accusing them for then 'crimes' of others. Sites that host live streaming and torrent sites for starters off the top of my head. Everything fits into place too nicely for the mafia once more. They have a 99% success on conviction! Doesn't anyone see anything wrong with that? Lol

Fucking upside down backward western societies! And the sheep think they live in the land of the free and brave haha. Nothing further from the truth

[POM]

I would tell him "don't drop the soap homie'" 

[311]

Actually, the thermite idea was one used back in the day before encryption became so widespread, like a couple of decades ago.

As for Ross, the way he was captured makes me wonder if the whole thing wasn't planned out. I wonder if the whole trial isn't a fake thing, designed to attack TOR, Bitcoin and the whole Internet - a false flag operation like 9/11 - and Ross is part of it.

His defence was a joke and told people who wanted help fuck off. Binging up mark kapeles is just insane and you probably.closer to the truth than you realise. Now they can start going after websites they don't like and accusing them for then 'crimes' of others. Sites that host live streaming and torrent sites for starters off the top of my head. Everything fits into place too nicely for the mafia once more. They have a 99% success on conviction! Doesn't anyone see anything wrong with that? Lol

Fucking upside down backward western societies! And the sheep think they live in the land of the free and brave haha. Nothing further from the truth

It does seem like we've got some wild conspiracy theorists here. I don't know if you've noticed but he did at least admit to creating one of the worlds largest drug dealing markets and was caught in the act doing so. You people could have caught Ulbrict in the act fucking your own girlfriend and you would try find away to exonerate him and blame it on the feds. I believe you ross, the feds set you up to fuck my gf.

Protip: If you're going to set up the worlds greatest drug bazaar don't use your own email address to do so and don't get caught sat at your own computer LOGGED IN AS DPR. Jesus. Yes, the FBI and USG is corrupt as fuck but Ross is also guilty as fuck but that doesn't suit your argument so you just disregard any evidence as inside jerb.

[jabo38]

It does seem like we've got some wild conspiracy theorists here. I don't know if you've noticed but he did at least admit to creating one of the worlds largest drug dealing markets and was caught in the act doing so. You people could have caught Ulbrict in the act fucking your own girlfriend and you would try find away to exonerate him and blame it on the feds. I believe you ross, the feds set you up to fuck my gf.

Protip: If you're going to set up the worlds greatest drug bazaar don't use your own email address to do so and don't get caught sat at your own computer LOGGED IN AS DPR. Jesus. Yes, the FBI and USG is corrupt as fuck but Ross is also guilty as fuck but that doesn't suit your argument so you just disregard any evidence as inside jerb.

That was funny.

There is soooo much evidence against him, even if he got appeals and got half of it thrown out, the other half will still be enough to convict. 

And then there is the murder trial that will come up later, where he logged his conversations!  That evidence is going to really hurt his defense.

But again, maybe he was set up, right?  Or maybe it was just fan fiction?

[Bitcoinexp]

The evidence is so overwhelming, it's hard to believe some people actually are surprised. Even if he manages to magically prove some of the evidence against, the rest would flood him. Can't blame him for not trying though. Can't believe they're actually allowing him to stand trial with all the evidence so far. He could be proven guilty 1000 times before anyone bat an eyelid.

[Buffer Overflow]

Can't believe they're actually allowing him to stand trial with all the evidence so far.

Everybody has a right to a trial and have their side of the story heard.